Is the Government’s Healthcare Website Safe for You to Use?

Written By : MBAA

Share This

The US government’s health insurance website is receiving criticism for passing along consumers’ data who use the site. What does this mean for an American man or woman going onto HealthCare.gov to apply for insurance? It means that any personal information they enter onto the site as part of the application process could potentially be open to viewing by third-party data businesses that have government-approved embedded connections within the site.

Those personal details can include your name, your age, income, ZIP code, whether you are pregnant and if you smoke cigarettes. In addition, the data firms can see when you are on the website. The third-party tech connections were confirmed by The Associated Press after IT experts analyzed HealthCare.gov.

US officials explained that numerous data companies have access to the personal data on the government healthcare website to conduct analyses that, in their opinion, better the consumer experience. The outside vendors have access to those details, in theory, to be able to provide a simple, streamlined and custom experience for each consumer.

The officials also explained that those companies are restricted in their use of the data to solely analytical purposes and are blocked from using it for their own business gain. How exactly site administrators ensure that the vendors follow security and privacy policies is not clear.

However, the tracking of personal medical data on HealthCare.gov is alarming on several fronts. On one hand, those interconnections slow down the site, which can make for a frustrating user experience. More disconcerting, though, is that millions of Americans sign up for health insurance on the US government run website, which means that there are massive amounts of personal data held on the platform about people across the country.

Privacy concerns are sure to be on the minds of many people. For example, an advertiser could begin to show a consumer detailed targeted ads when he or she browses online, based on the personal information entered on HealthCare.gov, to provide a more personalized experience. If she entered that she was pregnant, however, this could potentially be embarrassing if pregnancy-related ads show up on web pages before she has notified her family about the life-changing event.

In addition, those small bits of data that the connected vendors collect from site users could be pieced together to provide a complete profile of a person. The risks of identity theft and other misuse of personal medical data then grows significantly. While the third-party embedded websites on the government health website cannot see your name, Social Security number or date of birth, the companies can link your visit of HealthCare.gov with your other web activities. For example, if you looked online for smoking cessation aids, that is a definite clue that you’re a smoker.

HealthCare.gov is not a small, insignificant website either. It is the flagship site of the Affordable Care Act and one that Americans put their trust into. The revelation that 14 third-party domains have access to the healthcare website is likely to have consumers worried about the safety of their personal details held on the site. These interconnected domains belong to web analytics and advertising companies that can potentially use the info for their own purposes.

Another concern is the increased security risks associated with having 14 third-party data firms connected to the US government website. Each time a resource is interconnected to HealthCare.gov, it increases the chances of a surface attack on the site. If an attacker compromises just one of those third-party connections, it may provide access to the millions of profiles on the site that contain personal details. The hacker could sell the private medical data to advertisers or even use it to blackmail the government.

The irony is that in the wake of the presidential administration addressing cyber security concerns, HealthCare.gov is opening itself up to potential security attacks because of its numerous outside connections. There is room for failure that site users may not be aware of. The administration’s new initiative to address privacy concerns online must include government sites such as HealthCare.gov, too.

Additionally, not telling users about the tracking system is quite another issue. The US government should be upholding high privacy standards for its users. While other websites, such as Facebook, use trackers to collect its data to craft an intuitive user experience, it is open about doing so.

The tracking going on behind the scenes at HealthCare.gov also goes against Google’s statement made on January 19, 2015 that it does not allow targeted ads to have their basis on medical or health information. When users are not told their actions online are tracked, that is an infringement on personal privacy. The American expectation of confidentiality of their medical and health information is high, and so it should be as this is far more intimate data than sharing a photo on Facebook.

The data that consumers share in their profiles on the website is highly sensitive, too. It is personal, medical information. When users are not clearly told that their information on HealthCare.gov is available to multiple advertisers, many Americans will likely question whether the US government is looking to protect their private personal health details.

HealthCare.gov is a central component to the Obama administration’s goal to officially enroll at least 9.1 million consumers in Obamacare plans in 2015; these must be consumers paying their first-month premiums. HealthCare.gov provides to 37 states across the US. It will be interesting to see how enrollment fluctuates following the privacy and security concerns about the Affordable Care Act’s flagship website.

Important: Any and all claims or representations, as to savings or potential savings are not to be considered as average savings. Case studies, stories and testimonials are not representative. They are only examples of past cases and cannot be guaranteed.